This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
No ratings

NetWitness Endpoint Foundations 11.6 ILT

ElynnKoh
Contributor Contributor
Contributor

on ‎2021-10-25 06:05 AM - edited on ‎2023-05-17 09:34 AM by Occasional Contributor Occasional Contributor

Netwitness-Education-2C (2).png

 

Access Training
for Customers/Partners

Access Training
for NetWitness Employees

 

 

 

 

$2,100 USD

 

 

2,000 Training Credits

 

 

 

This is an Instructor Led Training class, for On-Demand/Self-Paced please click here

 

Summary

This training introduces security analysts and administrators to the architecture and toolkit for detecting and investigating risk on endpoint hosts.
This is an update to version 11.6. 

 

Overview

This 2-day course consists of lecture/discussion and lab exercises intended for lay the foundations of your understanding of NetWitness Endpoint.   

Intended audience is anyone performing security monitoring, hunting, and analysis with NetWitness Endpoint; anyone serving as admin or content creator for NetWitness Endpoint will also benefit. It supplements the NetWitness Platform Foundations and NetWitness Admin I courses. 

 

Audience

Anyone new to NetWitness Endpoint interested in increasing their familiarity with the tool’s features and functions within the context of endpoint investigation and analysis.

 

Duration: 2 days

 

Prerequisite Knowledge/Skills

Basic familiarity with NetWitness Platform 11.x (recommended) 

Familiarity with typical incident response processes (recommended) 

Basic knowledge of malware, networking fundamentals and general security analysis concepts is recommended.

 

Course Objectives

Upon completion of this training, the student should be able to: 

  • Enable/Disable a data retention policy 
  • Define new Endpoint policy group 
  • Configure the NetWitness Endpoint Log Hybrid 
  • Create packager and deploy Endpoint agent 
  • Scan endpoint host and evaluate results 
  • Interpret host and file risk scores 
  • Customize Endpoint data display 
  • Analyze a process, including parent and child processes 
  • Identify potentially malicious activity 
  • Identify Autoruns on a Windows endpoint 
  • Create an incident manually 
  • Assign an incident in Respond 
  • Interpret incident views 
  • View deployed ESA rules for Endpoint 
  • Extract a Master File Table 
  • Identify timestamp discrepancies in MFT 
  • Download files for external analysis

 

Course Outline

Module 1: Introduction
Module 2: Architecture & Configuration
Module 3: Endpoint Agents, Hosts, & Scans
Module 4: Risk Scores and Metadata 
Module 5: Files and Libraries
Module 6: Processes, Autoruns and Anomalies
Module 7: Alerts and Incidents
Module 8: Malicious Behavior & App Rules
Module 9: Forensic Tools
Module 10: Configuration

 

 

 

If you have any questions, please contact your account manager or Contact Us directly!

Was this article helpful? Yes No
Version history
Last update:
‎2023-05-17 09:34 AM
Updated by:
Occasional Contributor Occasional Contributor
© 2022 RSA Security LLC or its affiliates. All rights reserved.